[Note: The most recent updates (if any) are highlighted]
CS 5950 - Computer Security and Information Assurance — Fall 2009
Course Outline
Department of Computer Science
Class Web Pages:
Syllabus - main page: index.htm
Detailed course outline (this page): outline.htm
Announcements and slides: announcements+slides.htm
The following list of lecture topics is based on the Table of Contents of the textbook
Security in Computing, Fourth Edition, by Pfleeger and Pfleeger, Prentice Hall,
2007, ISBN 0-13-239077-9.
I. We'll cover the following issues (numbers are Chapter numbers):
1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security.
Computer Criminals. Methods of Defense.
2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition (Permutations).
Making “Good” Encryption Algorithms. The Data Encryption Standard (DES). The
AES Encryption Algorithm. Public Key Encryption. The Uses of Encryption.
Chapter 7 will be covered out-of-sequence to facilitate running lab exercises.
7. Security in Networks.
Note: Despite the short list of chapter topics, we'll spend about 30% of
lecture time in this area.
Network Concepts. Threats in Networks. Network Security Controls. Firewalls.
Intrusion Detection Systems. Secure E-Mail.
3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other Malicious Code.
Targeted Malicious Code. Controls Against Program Threats.
If time permits: 4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address
Protection. Control of Access to General Objects. File Protection
Mechanisms. User Authentication. Summary of Security for Users.
If time permits: 6. Database and Data Mining Security.
Introduction to Databases. Security Requirements. Reliability and Integrity.
Sensitive Data. Inference. Multilevel Databases. Proposals for Multilevel
Security. Data Mining.
II. We'll cover only the major selected topics/issues from:
10. Privacy in Computing.
Privacy Concepts. Privacy Principles and Policies. Authentication and Privacy.
Data Mining. Privacy on the Web. E-mail Security. Impacts on Emerging
Technologies.
11. Legal and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of
Employees and Employers. Redress for Software Failures. Computer Crime. Ethical
Issues in Computer Security. Case Studies of Ethics.
III. We will not cover:
5. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted
Operating System Design. Assurance in Trusted Operating Systems.
8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies. Physical
Security.
9. The Economics of Cybersecurity.
Making a Business Case. Quantifying Security. Modeling Cybersecurity.
12. Cryptography Explained.
Mathematics for Cryptography. Symmetric Encryption. Public Key Encryption
Systems. Quantum Cryptography.
==================
© 2007-2009 by Leszek T. Lilien
Last updated on 8/28/09